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ABSTRACT: This intentional interference with wireless transmissions can be used as a Lai 
mounting Denial-of- Service attacks on wireless networks. Typically, jamming has been ad< 
external threat model. This paper considers the problem of an attacker disrupting*^ el^ 
wireless ad hoc network through jamming. ^S^* 

Jamming is broken down into layers and this paper focuses on jamming at thefe*isport/ Network layer. 
Jamming at this layer exploits AO DV and TCP protocols and is shown to be vlwSpffective in simulated and 
real networks when it can sense victim packet types, but the encryptiqjaJs $5sumed to mask the entire 
header and contents of the packet so that only packet size, timing, a^^ujnce is available to the attacker 
for sensing. A sensor is developed that consists of four components^O^rst is a probabilistic model of the 
sizes and inter-packet timing of different packet types. The secol^Ns a historical method for detecting 
known protocol sequences that is used to develop the probabili^^models, the third is an active jamming 
mechanism to force the victim network to produce know $eqi^nces for the historical analyser, and the 
fourth is the online classifier that makes packet type d^N*cation decisions. The ratio of the jamming 
pulses duration to the transmission duration can bk^row as B-4. We investigate and analyse the 
performance of combining a crypto graphic inter ra^r with various coding schemes to improve the 
robustness of wireless LANsfor IP packets transro^w []]. 

Keywords: jamming, sensor components, w^fl^^s network, protocols, Ad hoc networks, 
f^^^ Introduction 

Ad hoc networks are envisione^^s praying a significant role in mission critical communication for the 
military, utilities, and indush^^adversary may attempt to attack a victim ad hoc network to prevent 
some or all victim commWj^mfon. Such denial-of-service (DoS) attacks have been considered in ad hoc 
wireless networks at seveftNevels. In this paper we consider encrypted victim networks in which the entire 
packet including headjQi^rta payload are encrypted and thus the attacker cannot directly manipulate any 
of the victim coJTiaffllfcreerJon. In this case, the attacker must resort to external physical -layer- based Does, 
also known as ia^At*^. 

Jamming c«^?as simple as sending out a strong noise signal in order to prevent packets in the victim 
networii^wDeing received. This method of jamming is not the subject of this paper. 

T^s gaper attempts to exploit the Protocols at various layers to get three advantages: jamming gain; 
targVed jamming; and reduced probability of Detection. Jamming gain is the increase in efficiency from 
exploiting features of the victim network relative to Continuousjamming. 

Conventional anti-jamming techniques rely extensively on spread-spectrum (SS) communications [25], or 
some form of jamming evasion (e.g., slow frequency hopping, or spatial retreats [37]). SS techniques provide 
bit-level protection by spreading bits according to a secret pseudo-noise (PN) code, known only to the 
communicating parties. The semethods can only protect wireless transmissions under the external threat 
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model. Potential disclosure of secrets due to node compromise neutralizes the gains of SS. Broad cast 
communications are particularly vulnerable under an internal threat model because all intended receivers 
must be aware of the secrets used to protect transmissions. Hence, the compromise of a single receiver is 
sufficient to reveal relevant cryptographic information, he adversary exploits his internal knowledge for 
launching selective jamming attacks in which specific messages of "high importance" are targeted. Jamming 
can be as simple as sending out a strong noise signal in order to prevent packets in the victim network from 
being received. This method of jamming is not the subject of this paper. This paper attempts to exploi^he 
protocols at various layers to get three advantages: jamming gain; targeted jamming; and ^ 
probability of detection. Jamming gain is the increase in efficiency from exploiting features of^t 
network relative to continuous jamming. 
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ig only specific victim nodes, links, or flows. The attacker may be 
the victim network, and attacking only these parts can lead to further 
'robability of detection, the victim network may not realize that jamming 
amming is not a transmit-only activity. It requires an ability to detect and 
which we denote as sensing. At the physical layer a sensor needs to identify 
!s. Since the network is encrypted, only the start time and size of the packet can be 



11A Layered Model for Jamming 



Hamming and sensing can be broken down into a layered model similar to the 0 SI stack. We break 
into three levels for convenience as shown in Figure 1 The Link/Physical layer directly interacts 
with the media. If a higher layer requests a packet to be jammed, then this lower layer generates the 
physical signal and ensures that a packet and each of its link layer retries are jammed. This layer also 
provides the basic sensing capability of packet duration and timing. 



The Transport/ Network Layer interacts with the corresponding Ad Hoc, IP, TCP, and UDP protocols. This 
layer senses packet types and traffic flows which can then be targeted by jamming. The Application layer 
senses HTTP sessions, VoIP set up and the like and targets specific user activities for jamming. 
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2. Problem Statement and Assumptions 
ZIProblem Statement 



0 



Consider the scenario depicted in Nodes A and B communicate via a wireless link. Within the 
communication range of both A and B there is a jamming node J. When A transmits a packet m to B, nodej 
classifies m by receiving only the first few bytes of m. J then corrupts m beyond recovery by interfering with 
its reception at B. We address the problem of preventing the jamming node from classifying in real J 
thus mitigating J's ability to perform selective jamming. Our goal is to transform a selective jamfn 
random one. Note that in the present work, we do not address packet classification methods^bas^ 
protocol semantics, as described in []], [4], [U], [33]. 

2.2 System and Adversary Model 

Network model-The network consists of a collection of nodes connected via wir^l^\inks. Nodes may 
communicate directly if they are within communication range, or indirectly ^Nroltiple hops. Nodes 
communicate both in uncast mode and broadcast mode. Communications oSJdSe'either unencrypted or 
encrypted. For encrypted broad cast communications, symmetric keys are Crared among all intended 
i pair wise keys or ae^^tflc cryptography. 



Communication Model-Packets are transmitted at a rate 



2^ 

of R baufrXetecl 



:h PHY-layer symbol corresponds 



to q bits, where the value of q is defined by the underlying digita^Nrolation scheme. Every symbol carries 
HY-layer encoder. He^e, Retransmission bit rate is equal to qR bps 



data bits, wherea/(3 is the rate of the PHY-layer < 
and the information bit rate is _qRbps. Spread spectrur 
spectrum (FHSS), or direct sequence spread spectrur 
wireless transmissions from jamming. SS provides i 
30 dB gain), but a powerful jammer is still capable c 



k htiiques such as frequency hopping spread 
may be used at the PHY layer to protect 
:y to interference to some extent (typically20 to 
ng data packets of his choosing. 



3. Real-Tufife^acket Classification 

In this section, we describe how the^jc^ersary can classify packets in real time, before the packet 
transmission is completed. Once a classified, the adversary may choose to jam it depending on his 

strategy. Consider the generic aammS^tcation system depicted in Fig. 2. At the PHY layer, a packet m is 
encoded, inter leaved, and modtffaWi before it is transmitted over the wireless channel. At the receiver, the 
signal is demodulated, dekitrfpSVed, and decoded, to recover the original packet m 
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Fig 2. A generic communication system diagram. 

The adversary's ability in classifying a packet m depends on the implementation of the blocks in Fig. 2. The 
channel coding block expands the original bit sequence m, adding necessary redundancy for protecting m 
against channel errors. 
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4 Impact of Selective Jamming 

In this section, we illustrate the impact of selective jamming attacks on the network performance. We used 
OPNETTM Modeller 14.5 [18] to implement selective jamming attack sin two multi-hop wireless network 
scenarios. In the firsts scenario, the attacker targeted a TCP connection established over a multi-hop 
wireless route. In the second scenario, the jammer targeted network-layer control messages transmitted 
during the route establishment process. 

Selective jamming at the Transport Layer- In the first set of experiments, we setup a file transfieri^^3 

M B file between two users A and B connected via a multi-hop route. >^ 

Selective Jamming at the Network Layer- In this scenario, we simulated a multi-hop wirel^tymwork of 

35nodes, randomly placed within a square area. The AODV routing protocol was used^aMTscover and 
establish routing paths [B]. Connection requests were initiated between random soufe^d^sti nation pairs. 
Three jammers were strategically placed to selectively jam non-overlapping areas^NjJte network. Three 
types of jamming strategies were considered: (a) a continuous jammer, (b) a rand^fffBrnmer blocking only 
afraction p of the transmitted packets, and (c)a selective jammer targeting rouiaSSfest (RREQ) packets. 

5. Hiding Based on Commitment^^ * 

In this section, we show that the problem of real-time packet clasfflJStion can be mapped to the hiding 
property of commitment schemes, and propose a packet-hiding s^etee based on commitments. 

if Schemes 

Commitment schemes are cryptographic primitives ttS^llow an entity A, to commit to a value m, to an 
entity V while keeping m hidden. Commitment schfin^s^re formally defined as follows [7]. 

6. Hiding Basrf^n Cryptographic Puzzles 

In this section, we present a packet hidjrfflj2bheme based on cryptographic puzzles. The main idea behind 
such puzzles is to force the recipien^sf^sezzle execute a pre-defined set of computations before he is able 
to extract a secret of interest. Ihe Pi^fe required for obtaining the solution of a puzzle depends on its 
hardness and the computationally ity of the solver [ID]. The advantage of the puzzle based scheme is that 
its security does not rely on Omkf layer parameters. 

>z\jjhing Based on AII-or-Nothing Transformations 

we^rapose a solution based on All-0 r-Nothing Transformations (AO NT) that introduces a 
*^§tfon and computation overhead. Such transformations were originally proposed by 
n brute force attacks against block encryption algorithms [2]].An AO NT serves as a 
and completely invertible pre-processing step to a plaintext before it is passed to an 
'k encryption algorithm. 

8. Evaluation of Packet-Hiding Techniques 

In this section, we evaluate the impact of our packet-hiding techniques on the network performance via 
extensive simulations. We used the OPNETTM Modeller 14.5 [18] to implement the hiding sub layer and 
measure its impact on the effective throughput of end-to-end connections and on the route discovery 
process in wireless ad-hoc networks. 
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Impact on real-time systems- Our packet-hiding methods require the processing of each individual 
packet by the hiding sub layer. We emphasize that the incurred processing delay is acceptable, even for 
real-time applications. The SCHS requires the application of two permutations. 

9 Related Works 

Jamming attacks on voice communications have been launched since the 1940s [25]. In the context of digital 
Communications, the jamming problem has been addressed under various threat models. We preset a 
classification based on the selective nature of the adversary. * >^ 

9.1Prior work on Selective Jamming Cq * 

In [33], Thuente studied the impact of an external selective jammer who targets various dWrflf packets at 
the MAC layer. To perform packet classification, the adversary exploits inter-packettftain^nformation to 
infer eminent packet transmissions. 

9.2 Non-Selective Jamming Attacks (jfoP 

Conventional methods for mitigating jamming employ some form ijt>^%otnmunications [5], [25]. The 
transmitted signal is spread to a larger bandwidth following a PN seiA^^nV ithout the knowledge of this 
sequence, a large amount of energy (typically 20-30 dB gain) isreWfced to interfere with an on-going 
transmission. 

ConclusiofeX ♦ 

An internal adversary model in which the jammer isj^fe^f the network under attack, thus being aware of 
the protocol specifications and shared network *^we% and we showed that the jammer can classify 
transmitted packets in real time by decoding th^nrst few symbols of an on-going transmission. We 
evaluated the impact of selective jamming stocks on network protocols such as TCP and routing. Our 
findings show that a selective jammer caP^gnificantly impact performance with very low effort. We 
developed three schemes that transform^fcrective jammer to a random one by preventing real-time packet 
classification. Our schemes combin^Amtographic primitives such as commitment schemes, crypto graphic 
puzzles, and all-or-nothing tran^imStrons (AO NTs) with physical layer characteristics. We analyzed the 
security of our schemes and qurfiNied their computational and communication overhead. 
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